By Ryan Kamauff
- Four simple steps to protect the US from hackers – Gartner is forecasting an additional 8% cyber spend by firms in 2013, already. As well, the barrier to entry for hacking has been lowered (as Matt and I discussed in yesterday’s podcast, here). Geoff Collins of 1E states that here are the four steps necessary; “First is “Application white-listing,” which allows only authorized software to run on a computer or network. Second and third are very rapid patching of Operating Systems and software. The fourth is minimizing the number of people on a network who have “administrator” privileges.” Via USA Today, more here.
- Chinese university tied to “APT1″ army cyber unit – “Reuters’ Melanie Lee points out that a number of papers on computer network security and intrusion accessible on the Internet link the Shanghai Jiaotong University with the PLA unit considered to be behind the APT1 attacks, as posited by Mandiant.” Via Help Net Security, more here.
- HHS launches internal innovation incubator
– “The U.S. Department of Health and Human Services has launched a new program, HHSignite, that will provide seed funding to ideas that spur innovation throughout the department.” This will provide up to 8 projects with budgets of up to $10,000, which can be completed in less than six months. Via FedScoop, more here.
- Apple updates built-on anti-malware to block Yontoo adware – “Apple has updated its built-in anti-malware to block Yontoo, a browser plugin for Chrome, Safari and Firefox on Mac that injects advertisements into Web pages.” This trojan could track website use and history. Protecting users from it is a good use of Apple’s security capabilities. Via ComputerWorld, more here.
- Kaspersky makes its mobile security apps available for free – Kaspersky is allowing users to download a base version of their mobile security apps. However, there is a catch, the advanced version will run you $14.95 for phones and $19.95 for tablets. The additional capabilities will include scheduling, cloud threat database and more. Via Phandroid, more here.
- Aftermath of the South Korean cyber attacks – “Several South Korean financial institutions and TV broadcaster networks were impacted by a destructive virus, which wiped the hard drives of infected computers, preventing them from booting up upon restart.” ComputerWorld continues to explore these attacks. Via ComputerWorld, more here.
- OpenDNS Raises Cash From Sutter Hill Ventures As It Looks To Build Out Enterprise Network Security As A Service – “Founded in 2005, OpenDNS originally launched as a way for consumers to connect safely to the Internet. The company offers free DNS controls alongside parental and organizational filtering.” OpenDNS had 30M users in 2009, a number which can only have grown. Via TechCrunch, more here.
- Navy cracks down on printing costs – “According to the Department of Navy Chief Information Officer’s office, all Navy Marine Corps Intranet unclassified print default settings are being changed to print documents in black ink and on both sides of the paper.” This change is part of a government-wide mandate slated to save $171M by not printing in color. Smart savings such as these will help relieve some effects of sequestration. Via FedScoop, more here.
- JIE not an attempt at DISA domination, says DISA official – The Joint Information Environment ‘is to create a “single environment” and was instigated by Cyber Command head Gen. Keith Alexander’s conclusion that inconsistencies in information technology management made protecting military information technology from cyber attacks untenable[.]‘ This would create one environment to protect, and one foundation to secure. Via FierceGovernmentIT, more here.
- Network security study reveals 26,000 undetected malware samples – “A two-month study has identified 26,000 unique malware samples that were completely undetected by existing anti-virus solutions.” This Palo Alto Networks study found that web-based malware is usually hidden for 20 days, as opposed to email-based malware. As well, “94 per cent of the undetected malware was delivered via web browsing or web proxies.” Via SC Magazine, more here.
- Researchers identify targeted email attack distributing Android Trojan app – “Security researchers from antivirus vendor Kaspersky Lab have identified a targeted email attack against human rights and political activists that distributed a custom Android Trojan app with information-stealing capabilities.” This is the first reported such attack (using Android malware) to spearphish. It was successful, and we would be wise to expect more of this activity in the near future. Via ComputerWorld, more here.
- Owens rewrites USPTO’s IT future – “Owens said the USPTO’s automated systems were built – in some cases – approximately 40 years ago and has been carried through various updates and upgrades, but is not in line with modern technology.” “Owens is using open source and agile development to rewrite the more than 200 automated systems the agency uses. Using mainly Red Hat’s CloudForms, Owens said USPTO would focus on bringing a better set of Internet technologies to the agency’s more than 11,000 employees.” Via FedScoop, more here.
- Most Java-enabled browsers vulnerable to widespread Java exploits, Websense says – “Most browser installations use outdated versions of the Java plug-in that are vulnerable to at least one of several exploits currently used in popular Web attack toolkits, according to statistics published Monday by security vendor Websense.” Java has undergone a variety of issues lately, but people need to be sure to protect against the browsers and their vulnerabilities. Via ComputerWorld, more here.
- OMB renews requirement for agencies to use shared service providers for financial systems – “The Office of Management and Budget says agencies should stop buying their own core financial management systems in favor of federal or commercial shared service providers, with changes in OMB policy to codify that requirement to come.” If agencies use these shared service providers they will realize both savings and efficiencies for the taxpayer. Via FierceGovernmentIT, more here.